test: Drop cockpit-ws* groups

Cockpit 330 (RHEL 9.6/10.0/Fedora 40) does not have any static system
groups any more, everything is handled through `DynamicUser=`.

The ownership of the certificate hasn't mattered since Cockpit 257 [1],
which is in RHEL 8.7, 9.0, and all current Fedora/Debian/Ubuntu OSes.

Setting a certificate group *can* be useful to share it with other
services (like symlinking a global LetsEncrypt cert to ws-certs.d/), but
this isn't what our documentation and tests do -- they produce a
certificate exclusively for Cockpit. So just drop the group handling.

[1] cockpit-project/cockpit@644116a0cd

README.md

@@ -212,7 +212,6 @@ assuming your machines are joined to a FreeIPA domain.
           - name: monger-cockpit
             dns: ['localhost', 'www.example.com']
             ca: ipa
-            group: cockpit-ws
 ```
 
 Note: Generating a new certificate using the `certificate` system role in the playbook remains supported.
@@ -235,7 +234,6 @@ This example also installs Cockpit with an IdM-issued web server certificate.
           - name: /etc/cockpit/ws-certs.d/monger-cockpit
             dns: ['localhost', 'www.example.com']
             ca: ipa
-            group: cockpit-ws  # or cockpit-wsinstance on newer cockpit versions
 ```
 
 NOTE: The `certificate` role, unless using IPA and joining the systems to an IPA domain,

tests/tests_certificate_external.yml

@@ -26,10 +26,6 @@
                 setype: cert_t
                 mode: "0755"
 
-            # returns global variable __cockpit_test_group
-            - name: Get name of cockpit group to use
-              include_tasks: tasks/get_cockpit_group.yml
-
             # has to be done dynamically, as the first step checks it out
             - name: Generate certificate with certificate system role
               include_role:
@@ -39,7 +35,6 @@
                   - name: /etc/cockpit/ws-certs.d/monger-cockpit
                     dns: ['localhost', 'www.example.com']
                     ca: self-sign
-                    group: "{{ __cockpit_test_group }}"
 
             # ostree cannot remove packages and cannot cleanup properly
             # this works around that issue

tests/tests_certificate_internal.yml

@@ -17,18 +17,13 @@
               vars:
                 cockpit_packages: minimal
 
-            # returns global variable __cockpit_test_group
-            - name: Get name of cockpit group to use
-              include_tasks: tasks/get_cockpit_group.yml
-
             - name: Install cockpit with cockpit_certificates request
               vars:
                 cockpit_packages: minimal
                 cockpit_certificates:
                   - name: "{{ cert_name }}"
                     dns: ['localhost', 'www.example.com']
                     ca: self-sign
-                    group: "{{ __cockpit_test_group }}"
               include_role:
                 name: linux-system-roles.cockpit
                 public: true

tests/tests_certificate_runafter.yml

@@ -24,10 +24,6 @@
         setype: cert_t
         mode: "0755"
 
-    # returns global variable __cockpit_test_group
-    - name: Get name of cockpit group to use
-      include_tasks: tasks/get_cockpit_group.yml
-
     # has to be done dynamically, as the first step checks it out
     - name: Generate certificate with certificate system role
       include_role:
@@ -38,7 +34,6 @@
           - name: monger-cockpit
             dns: ['localhost', 'www.example.com']
             ca: local
-            group: "{{ __cockpit_test_group }}"
             # ideally we'd put the cert directly into /etc/cockpit/ws-certs.d;
             # however, cockpit in RHEL/CentOS 7 does not yet support a separate
             # key file, and lsr.certificate sets wrong permissions
@@ -48,7 +43,6 @@
               cat {{ __certificate_default_directory }}/certs/monger-cockpit.crt \
               {{ __certificate_default_directory }}/private/monger-cockpit.key > $DEST
               chmod 640 $DEST
-              chown root:{{ __cockpit_test_group }} $DEST
 
     - name: Validate installation
       block: